PerlMonks
Example use of MD5: making a MAC
by saucepan (Scribe) on Jan 10, 2001 at 11:19 UTC ( [id://50889]=note )
Here's a concrete example of using MD5 to create a message authentication code. Say you are writing a CGI script that plays a game with the user. You want to keep score, and give a prize of some kind to the first player who wins 100 games. You could keep a list of players and their scores on the server, but this is complex and costly if there are a very large number of players (or a large number of them playing at once), and you don't want to waste server side storage on the vast majority of users who are expected to play two or three games and then give up. It would be nice if you could keep their current score in a cookie, but then what is to stop someone from editing their cookies.txt file and setting their score to 99? This is where the MAC comes in:
The authenticated_score() sub can be used to decorate a score with a code that's dependent upon both the score and your secret string. Just before you give out a score cookie to a player, run it through authenticated_score() to add the MAC:
Now, when someone presents a score cookie, you can check the MAC to see whether the score is one you handed out or an impostor:
Of course, a real program would probably want to do things in a different order:
Hmm, this turned out to be kind of long for a comment. But I spent so long on it I'm going to post it anyway, right after I mention that in a real program you might want to use CGI::EncryptForm instead of doing all this work yourself. :)
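The score-cookie scheme described in the post above, as an added example that is not saucepan's original code. It swaps in HMAC-SHA256 from the core Digest::SHA module for the bare MD5 the post uses; the secret value, the `score:mac` cookie layout, and the `same_string()` and `verified_score()` names are assumptions of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);   # core module; HMAC-SHA256 swapped in for bare MD5

# Constructed secret for this example. A real script would load it from
# server-side configuration that players cannot read.
my $SECRET = 'constructed-example-secret';

# Decorate a score with a MAC that depends on both the score and the secret.
# The "score:mac" cookie layout is an assumption of this example.
sub authenticated_score {
    my ($score) = @_;
    return $score . ':' . hmac_sha256_hex($score, $SECRET);
}

# Hypothetical helper: compare two strings without stopping at the first
# mismatch, so response timing does not reveal how much of a MAC matched.
sub same_string {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Hypothetical checker: returns the score if the cookie is one this script
# issued, or undef if it is malformed or the MAC does not match.
sub verified_score {
    my ($cookie) = @_;
    return undef unless defined $cookie
        && $cookie =~ /\A([0-9]{1,3}):([0-9a-f]{64})\z/;
    my ($score, $mac) = ($1, $2);
    return same_string($mac, hmac_sha256_hex($score, $SECRET)) ? $score : undef;
}

# Constructed inputs: a cookie as issued, the same cookie with the score
# edited to 99 but the old MAC kept, and a bare score with no MAC at all.
my $issued = authenticated_score(42);
(my $forged = $issued) =~ s/\A42:/99:/;

for my $cookie ($issued, $forged, '99') {
    my $score = verified_score($cookie);
    printf "%-12.12s... => %s\n", $cookie, defined $score ? "score $score" : 'rejected';
}
```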